Beginning in SAS^® 9.2, SSL support is provided through the BASE SAS component SAS/SECURE SSL.

Note: You do not have to license the SAS/SECURE^® product in order to use the SAS/SECURE SSL component in all releases of SAS^®9.

During the SAS^® Foundation installation process, you have an option to not install all of the SAS Foundation products and components. If you do not install the SAS/SECURE SSL component, you will encounter problems with SAS components that use SSL. Here is a list of some SAS components that use SSL:

• The FILENAME URL engine to secured websites
• SAS/CONNECT^® Spawner with SSL
• SAS/SHARE^® with SSL
• PROC HTTP
• URL Access Method
• Connections to LDAP

You also receive errors similar to the following when you try to use SSL:

• (With PROC HTTP): ERROR: Could not find extension: (tkessl)
• (With the FILENAME URL engine): ERROR: cannot load SSL support

If you receive these or similar errors, verify that your SAS installation contains the tkessl executable. Here are the relevant paths:

• Windows location: SASHome\SASFoundation\9.x\core\sasext\tkessl.dll
• UNIX location: SASHome/SASFOUNDATION/9.x/sasexe/tkessl.so
• z/OS location: sas-prefix.LIBRARY(TKESSL)

If you find the tkessl executable, verify that the SAS option NOENCRYPTFIPS (default value) is set by executing the following: 

PROC OPTIONS OPTION=ENCRYPTFIPS VALUE; RUN;

If the ENCRYPTFIPS option is turned on, SAS attempts to load a special subset of OpenSSL libraries, contained as part of the OpenSSL FIPS Object Module. See "How SAS Implements FIPS" in Encryption in SAS^® 9.4, Sixth Edition for details about FIPS usage.

Also, if you find the tkessl executable and you are running on a UNIX host, check the contents of SASHome/SASFoundation/9.x/bin/sasenv_local for one of the following values:

• LD_LIBRARY_PATH (for Linux)
• SHLIB_PATH (for HP)
• LIBPATH (for AIX)

The value should be set similar to the following:

LD_LIBRARY_PATH=/SASFoundation/9.x/sasexe:${LD_LIBRARY_PATH}: /usr/local/product/lib
export LD_LIBRARY_PATH

If the tkessl executable is missing, run the SAS^® Deployment Wizard again as if you were beginning an installation. Here are the SAS Deployment Wizard executables for the various operating environments:

• Windows: setup.exe
• UNIX: setup.sh
• z/OS: setup.rexx

Complete these steps to install the tkessl executable:

1. Select Install Additional Software and click Next:
   
2. Select SAS Foundation and click Next:
   
3. Select SAS/Secure SSL and click Next:
   

After you complete these steps, you should see the missing tkessl executable in the appropriate location specified above. In addition, you should see the SAS/SECURE SSL component in the SAS registry. For information about how to run the ViewRegistry report to verify the registry, see SAS KB0036131: "Using the ViewRegistry Report and other methods to determine the SAS^® 9.2 and later software releases and hot fixes that are installed."

Contact SAS Technical Support if the following describes your current situation:

• You are running an older release of SAS with no plans for maintenance or hot fixes.
• You no longer have access to your SAS Depot or cannot run the SAS Deployment Wizard to install the SAS/SECURE SSL component.